US Officials Call For Federal Oversight Of Social Media Firms

Twitter suffered from cybersecurity shortfalls that enabled a ‘simple’ hack in the summer, which compromised the accounts of high-profile figures, an official US report has concluded.

The report, from New York’s Department of Financial Services (DFS), also concluded that large social media companies should be “designated as systemically important institutions with prudent (federal) regulation to manage heightened cybersecurity risk.”

New York’s Department of Financial Services produced the report after New York Governor Andrew Cuomo ordered a probe following the 15 July hack of celebrity Twitter accounts.

Twitter hack

In August, 17-year-old Graham Clark pleaded not guilty to charges that he organised the Twitter hack in mid-July.

That hack resulted in the Twitter accounts of very public figures and corporations including Elon Musk, Jeff Bezos and Bill Gates, tweeting a bitcoin scam that offered to double people’s bitcoin payment.

The DFS report found that Twitter lacked adequate cybersecurity protections and, at the time of the attack, did not have a chief information security officer.

It said that the hackers had accessed Twitter’s systems with a simple technique: by calling Twitter employees and claiming to be from Twitter’s IT department.

After the hackers duped four employees into giving them their log-in credentials, they hijacked the Twitter accounts of politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and several cryptocurrency companies.

Following the Twitter hack, the social networking firm confirmed that the hackers had targeted a small number of its staff through a phone “spear phishing” attack.

Twitter said it had taken “significant steps” to limit access to account management tools while the company’s investigation continued.

Poor security

But the DFS report stated that despite being a global social media platform with over 330 million average monthly users in 2019, Twitter lacked adequate cybersecurity protection.

“At the time of the attack, Twitter did not have a chief information security officer, adequate access controls and identity management, and adequate security monitoring – some of the core measures required by the Department’s first-in-the-nation cybersecurity regulation,” the report stated.

“Considering social media’s increasingly critical role as a source of news and information, the ease of the Twitter hack shows Twitter’s vulnerability to an election-related hacking attempt,” it added.

“Twitter and other large social media companies have no dedicated federal or state regulator ensuring that their cybersecurity policies and programs adequately address the risks of their digital operating models,” it noted.

Federal oversight

And the DFS report then recommended that there should be federal oversight of social media firms, given their size and importance.

“Instead, they are largely self-regulated and have no accountability for significant cybersecurity lapses as occurred in the Twitter hack,” it stated. “The report recommends that the largest social media companies, whose platforms reach millions of people around the world, should be designated as systemically important institutions with prudent regulation to manage heightened cybersecurity risk.”

“Social media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” explained superintendent of Financial Services Linda A. Lacewell.

“The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Lacewell. “As we approach an election in fewer than 30 days, we must commit to greater regulatory oversight of large social media companies.”

“The integrity of our elections and markets depends on it. The swift and effective response of DFS-regulated cryptocurrency companies illustrates how effective regulation can foster innovation and growth, while also protecting consumers,” said Lacewell.

Besides the US arrest and charges against Graham Clark, a man in the UK has also been arrested as part of the criminal investigation.

Mason Sheppard, 19, of Bognor Regis, was named as the UK citizen arrested; American Nima Fazeli, 22, of Orlando, was also named.

Tom Jowitt
